Configurable "csspp0" capability for sites where the CSS PP0 mitigation should be disabled (e.g. TRUSTED).

hackademix 2021-04-02 00:22:39 +02:00
parent fee3a23243
commit f7d56c30f1
3 changed files with 38 additions and 27 deletions


@ -240,24 +240,34 @@ var LifeCycle = (() => {
// put here any version specific upgrade adjustment in stored data
if (Ver.is(previousVersion, "<=", "11.0.10")) {
log(`Upgrading from 11.0.10 or below (${previousVersion}): configure the "ping" capability.`);
let configureNewCap = async(cap, presets, presetFilter) => {
log(`Upgrading from ${previousVersion}: configure the "${cap}" capability.`);
await ns.initializing;
ns.policy.TRUSTED.capabilities.add("ping");
await ns.savePolicy();
}
if (Ver.is(previousVersion, "<=", "11.2.1")) {
log(`Upgrading from ${previousVersion}: configure the "noscript" capability.`);
await ns.initializing;
let {DEFAULT, TRUSTED, UNTRUSTED} = ns.policy;
// let's add "noscript" to DEFAULY, TRUSTED and any CUSTOM preset
let presets = [DEFAULT, TRUSTED];
presets = presets.concat([...ns.policy.sites.values()].filter(p => p !== TRUSTED && p !== UNTRUSTED));
let policy = ns.policy;
let customIdx = presets.indexOf("CUSTOM");
presets = presets.map(p => policy[p])
if (customIdx !== -1) {
let { TRUSTED, UNTRUSTED } = policy;
// insert custom presets, if any
presets.splice(customIdx, 1, ...[...policy.sites.values()].filter(p => p !== TRUSTED && p !== UNTRUSTED));
}
if (presetFilter) presets = presets.filter(presetFilter);
for (let p of presets) {
p.capabilities.add("noscript");
p.capabilities.add(cap);
}
await ns.savePolicy();
}
if (Ver.is(previousVersion, "<=", "11.0.10")) {
await configureNewCap("ping", ["TRUSTED"]);
}
if (Ver.is(previousVersion, "<=", "11.2.1")) {
await configureNewCap("noscript", ["DEFAULT", "TRUSTED", "CUSTOM"])
}
if (Ver.is(previousVersion, "<=", "11.2.4")) {
// add the csspp0 capability to any preset which already has the script capability
await configureNewCap("csspp0", ["TRUSTED", "CUSTOM", "DEFAULT"], p => p.capabilities.has("script"));
}
},
async onUpdateAvailable(details) {
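Review bot: The "csspp0" migration at the end of this hunk grants a capability whose effect is to switch a protection off, and it does so for DEFAULT and every custom per-site preset that already has `script`, not only for TRUSTED as the commit title's example suggests. The inline comment says what is added but not why; I would extend it to something like `// "csspp0" disables the CSS PP0 mitigation, so grant it only where "script" is already allowed` so a later reader does not mistake it for enabling a defence. `configureNewCap` persists the change through `ns.savePolicy()` without recording which presets were touched, so logging the number of affected presets would make this policy change auditable. Separately, `presets.map(p => policy[p])` yields `undefined` for any name other than "CUSTOM" that is not a key of the policy, and the later `p.capabilities` access would then throw before the save; a `presets = presets.filter(Boolean);` after the splice would guard against that. The enclosing upgrade handler starts outside the hunk.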


@ -163,6 +163,20 @@ ns.on("capabilities", () => {
allowed: ns.canScript
});
if (!(ns.policy.isTorBrowser || ns.allows("csspp0"))) {
// protection against CSS PP0, not needed on the Tor Browser because of its
// noisy DNS resolution: https://orenlab.sise.bgu.ac.il/p/PP0
let prefetchCallback =
// false && // REL_ONLY
(location.hostname === 'localhost' && location.search.includes("debug_prefetch"))
? (rule, url) => {
debug("Prefetching %s from CSS", url, rule.cssText);
url.hostname = `prefetch.${url.hostname}`;
return false; // let default processing continue with the modified hostname
} : null;
prefetchCSSResources(true, prefetchCallback);
}
if (!ns.canScript) {
if ("serviceWorker" in navigator && navigator.serviceWorker.controller) {
@ -172,19 +186,6 @@ ns.on("capabilities", () => {
}
})();
}
if (!ns.policy.isTorBrowser) {
// protection against CSS PP0, not needed on the Tor Browser because of its
// noisy DNS resolution: https://orenlab.sise.bgu.ac.il/p/PP0
let prefetchCallback =
// false && // REL_ONLY
(location.hostname === 'localhost' && location.search.includes("debug_prefetch"))
? (rule, url) => {
debug("Prefetching %s from CSS", url, rule.cssText);
url.hostname = `prefetch.${url.hostname}`;
return false; // let default processing continue with the modified hostname
} : null;
prefetchCSSResources(true, prefetchCallback);
}
onScriptDisabled();
}
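Review bot: The mitigation block now sits ahead of `if (!ns.canScript)` in the first hunk, so it runs on script-enabled pages too unless the site is granted "csspp0", yet the comment above it still explains only the Tor Browser exemption. I would add a line such as `// also skipped where the policy grants "csspp0"; otherwise applied whether or not scripts are allowed` so the new scope is visible at the check. The localhost `debug_prefetch` callback moved with the block and is therefore reachable on scripted localhost pages as well; whether the `REL_ONLY` marker strips it from release builds cannot be seen from here and is worth confirming. The `ns.on("capabilities", ...)` handler starts outside these hunks.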

@ -1 +1 @@
Subproject commit 9d07bf47ec8c9f0c02b53c047eb844e17a181d37
Subproject commit 97c2a54550a2d8c2eb06ddad6c11651eb0f06439